package resource.resource.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

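/**
 * Resource-server demo controller exposing three endpoints, each guarded by a
 * method-level {@code @PreAuthorize} expression.
 *
 * <p>NOTE(review): {@code @PreAuthorize} is only evaluated when method security is
 * switched on ({@code @EnableMethodSecurity}, or
 * {@code @EnableGlobalMethodSecurity(prePostEnabled = true)} on older Spring Security).
 * That configuration is not visible in this file; confirm it exists, otherwise the
 * expressions below are never checked.
 *
 * <p>NOTE(review): every mapping uses {@code @RequestMapping} without a {@code method},
 * so each endpoint answers all HTTP verbs. The handlers only read, and
 * {@code GetMapping} is already imported; consider narrowing to GET once it is
 * confirmed that no client relies on other verbs.
 */
@RestController
public class index {
    /**
     * Resource API: returns a fixed placeholder payload.
     *
     * <p>NOTE(review): {@code hasRole('select')} adds Spring Security's default
     * {@code ROLE_} prefix, so it matches the authority {@code ROLE_select}, whereas
     * {@link #getProduct(String)} checks the bare authority {@code select}. A token
     * carrying only {@code select} passes one check and fails the other; confirm
     * which form the issued authorities actually use.
     *
     * @return the fixed placeholder string
     */
    @RequestMapping("/api")
    @PreAuthorize("hasRole('select')")
    public String getUserInfo() {
        return "返回数据信息";
    }

    /**
     * Returns a placeholder description of the requested product.
     *
     * <p>Requires the exact granted authority {@code select} (no {@code ROLE_} prefix
     * is added by {@code hasAuthority}).
     *
     * <p>NOTE(review): {@code id} is caller-controlled and echoed into the response
     * body unchanged. Validate or encode it before this value is ever rendered by a
     * browser or used in a lookup.
     *
     * @param id product identifier taken from the URL path
     * @return {@code "product id : "} followed by {@code id}
     */
    @RequestMapping("/product/{id}")
    @PreAuthorize("hasAuthority('select')")
    public String getProduct(@PathVariable String id) {
        return "product id : " + id;
    }

    /**
     * Returns a placeholder description of the requested order.
     *
     * <p>Requires the granted authority {@code ROLE_USER}; this is the same check as
     * {@code hasRole('USER')} under the default role prefix.
     *
     * <p>NOTE(review): the check is role-level only. Once this handler loads real
     * orders, it also needs an ownership check tying {@code id} to the authenticated
     * caller, otherwise any user holding {@code ROLE_USER} can read any order.
     *
     * @param id order identifier taken from the URL path
     * @return {@code "order id : "} followed by {@code id}
     */
    @RequestMapping("/order/{id}")
    @PreAuthorize("hasAuthority('ROLE_USER')")
    public String getOrder(@PathVariable String id) {
        return "order id : " + id;
    }

}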
